package com.haorui.lygyd.authority.provider;

import com.haorui.base.core.utils.BeanUtil;
import com.haorui.base.system.entity.Account;
import com.haorui.base.system.service.AccountService;
import com.haorui.lygyd.authority.authentication.AccountAuthenticationToken;
import com.haorui.lygyd.authority.dto.AccountAuthDto;
import com.haorui.lygyd.authority.jwt.JwtTokenUtil;
import lombok.extern.slf4j.Slf4j;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.LockedException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.stereotype.Component;
/**
 * @author 陈刚
 * @version 1.0
 * @project znsm
 * @package com.haorui.znsm.authority.provider
 * @createDate 2018-03-16 14:15
 * @modfiyDate
 * @function
 */
@Component
@Slf4j
public class AccountAuthenticationProvider implements AuthenticationProvider {
    @Autowired
    private AccountService accountService;
    @Autowired
    private JwtTokenUtil jwtTokenUtil;
    @Override
    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        AccountAuthenticationToken accountAuthenticationToken = (AccountAuthenticationToken) authentication;
        String username = (String) accountAuthenticationToken.getPrincipal();
        String password = (String) accountAuthenticationToken.getCredentials();
        Account account=accountService.findAccountByUserName(username);
        BCryptPasswordEncoder encoder = new BCryptPasswordEncoder();
        if(account!=null && encoder.matches(password,account.getPassword())){
            if(!account.getLocked()){
                AccountAuthDto accountAuthDto=new AccountAuthDto();
                //设置dto
                BeanUtil.beanCopy(account,accountAuthDto);
                accountAuthDto.setOrgid(account.getOrgid());
                //生成token
                String token = jwtTokenUtil.generateAccountToken(accountAuthDto);
                accountAuthDto.setToken(token);
                //加入授权明细
                accountAuthenticationToken.setDetails(accountAuthDto);
                //设置授权
                SecurityContextHolder.getContext().setAuthentication(authentication);
                //设置授权通过
                accountAuthenticationToken.setAuthenticated(true);
                return accountAuthenticationToken;
            }else {
                throw new LockedException("账号已被锁定");
            }
        }else {
            throw new BadCredentialsException("账号或密码错误");
        }
    }

    @Override
    public boolean supports(Class<?> authentication) {

        return AccountAuthenticationToken.class.isAssignableFrom(authentication);
    }
}
